mirror of
https://gitlab.com/wgp/dougal/software.git
synced 2025-12-06 08:57:08 +00:00
78 lines
1.5 KiB
JavaScript
78 lines
1.5 KiB
JavaScript
|
|
|
|
async function read (req, res, next) {
|
|
if (req.user) {
|
|
next();
|
|
} else {
|
|
next({status: 403, message: "Access denied"});
|
|
}
|
|
}
|
|
|
|
async function write (req, res, next) {
|
|
if (req.user && (req.user.role == "user" || req.user.role == "admin")) {
|
|
next();
|
|
} else {
|
|
next({status: 403, message: "Access denied"});
|
|
}
|
|
}
|
|
|
|
async function admin (req, res, next) {
|
|
if (req.user && req.user.role == "admin") {
|
|
next();
|
|
} else {
|
|
next({status: 403, message: "Access denied"});
|
|
}
|
|
}
|
|
|
|
/** Return a middleware to check for arbitrary roles.
|
|
*
|
|
* Examples:
|
|
*
|
|
* req1 = {user: {role: "admin"}};
|
|
*
|
|
* role("admin")(req1) → true
|
|
* role("user")(req1) → false
|
|
* role(["user", "admin"])(req1) → true
|
|
* role("guest")(req1) → false
|
|
*
|
|
* req2 = {user: {role: ["admin", "user"]}}
|
|
*
|
|
* role("admin")(req2) → true
|
|
* role("user")(req2) → true
|
|
* role(["user", "admin"])(req2) → true
|
|
* role("guest")(req2) → false
|
|
*
|
|
* To check for role1 AND role2, use two middlewares:
|
|
*
|
|
* [role("role1"), role("role2")]
|
|
*
|
|
*/
|
|
async function role (required_role) {
|
|
|
|
const roles = Array.isArray(required_role)
|
|
? required_role
|
|
: [ required_role ];
|
|
|
|
function check (user_role) {
|
|
if (Array.isArray(user_role)) {
|
|
return user_role.some(check);
|
|
} else {
|
|
return roles.includes(user_role);
|
|
}
|
|
}
|
|
|
|
return (req, res, next) => {
|
|
if (req.user && check(req.user?.role) {
|
|
next();
|
|
}
|
|
next({status: 403, message: "Access denied"});
|
|
};
|
|
}
|
|
|
|
module.exports = {
|
|
read,
|
|
write,
|
|
admin,
|
|
role
|
|
};
|